Surprising consequences of macOS’ environment variable sanitization

One unfortunate fact of my life is that I have to deal with an obscure database whose macOS drivers require the addition of a directory to DYLD_LIBRARY_PATH for their Python driver to find them. To make matters worse, Apple’s CLI tools strip that variable away as part of macOS’s System Integrity Protection (SIP) before running a command.

Given that DYLD_* environment variables are a known attack vector for Mac malware, that’s a good thing in general. However, sometimes one needs a workaround to get the job done.

Some of this made sense to me.

11 Comments

  1. 2023-01-11 8:36 pm
    • 2023-01-11 9:35 pm
      • 2023-01-11 10:22 pm
        • 2023-01-13 12:24 am
          • 2023-01-13 12:58 am
          • 2023-01-13 8:39 am
        • 2023-01-13 12:48 am
        • 2023-01-13 9:57 pm
          • 2023-01-13 11:37 pm
  2. 2023-01-13 8:59 am
    • 2023-01-13 10:24 am